Research
The short story about Clubhouse user scraping and social graphs
TL;DR During this RedTeam testing, we used Clubhouse as a social engineering tool to find out more about our client's employees. UPDATE: While we were preparing this article for publication, ...
r00kie-kr00kie. Exploring the kr00k attack
TL;DR We created and published a PoC exploit of the kr00k attack (CVE-2019-15126): https://github.com/hexway/r00kie-kr00kie All technical details can be found in the Process section. INTRODUCTION AND MOTIVATION In February 2020, ...
Piercing the Shield. Breaking the FunctionShield cloud security library
TL;DR We've found a vulnerability in FunctionShield, a cloud security library, that allows bypassing its tightest restrictions completely. All technical details can be found in the "Process" section. Cloud computing ...
Blog
CYBERSECURITY NEWS V. September – BrakTooth vulnerabilities, 500k Fortinet VPN accounts leak, JVC Kenwood hacked
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI Apple Pay with Visa card allows paying with locked ...
NEW UPDATE. HIVE. VERSION 0.27.0
Hey Hexwayers & our guests! A new day brings you a new release. What’s in it for you today? Cross-project pentesters labor dashboard Notification system update Utility name import via ...
CYBERSECURITY NEWS V. August – T-Mobile hack, Largest DDoS attack, ProxyShell vulnerabilities
hexway cybersecurity blog brings you the latest news about attacks and data breaches, emerging malware, and vendor security updates News FYI T-Mobile hack In mid-August, an announcement about the sale ...
Try Hexway online
